We've released a new maintenance update for PivotX. Since this release fixes a security-issue, it is a recommended upgrade for all PivotX 2.x websites. For former security related issues and patches, see the page dedicated to Security issues.

These are the changes since PivotX 2.3.8:

Security issues:

A file upload vulnerability and various XSS issues on the admin pages. Mitigated by the fact that an attacker must have an PivotX account. All issues require that the attacker has a PivotX account/user, so for sites with multiple users, you will want these patched.

Other bug fixes:

For flatfile databases:

Adding excerpts to the output from getLatestPages so page excerpts are displayed on the dashboard.

'read_entries' should not change the current entry (since read_entries is used for other things than creating subweblogs).

Bug fix in session cookie domain - any subdomain named "wwwX" (where X is any character) resulted in an invalid domain for the cookie.

Hi. I just started blogging with PivotX. And wow, great to see that new releases are still popping up frequently. What a feature rich but at the same time easy to use blogging platform. I am already loving it and looks very promising.